375 lines
		
	
	
		
			8.2 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			375 lines
		
	
	
		
			8.2 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| // SPDX-License-Identifier: GPL-2.0
 | |
| /*
 | |
|  *  pkey base: debug feature, pkey handler registry
 | |
|  *
 | |
|  *  Copyright IBM Corp. 2024
 | |
|  */
 | |
| 
 | |
| #define KMSG_COMPONENT "pkey"
 | |
| #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
 | |
| 
 | |
| #include <linux/cpufeature.h>
 | |
| #include <linux/init.h>
 | |
| #include <linux/list.h>
 | |
| #include <linux/module.h>
 | |
| #include <linux/rculist.h>
 | |
| 
 | |
| #include "pkey_base.h"
 | |
| 
 | |
| MODULE_LICENSE("GPL");
 | |
| MODULE_AUTHOR("IBM Corporation");
 | |
| MODULE_DESCRIPTION("s390 protected key base and api");
 | |
| 
 | |
| /*
 | |
|  * pkey debug feature
 | |
|  */
 | |
| debug_info_t *pkey_dbf_info;
 | |
| EXPORT_SYMBOL(pkey_dbf_info);
 | |
| 
 | |
| /*
 | |
|  * pkey handler registry
 | |
|  */
 | |
| 
 | |
| static DEFINE_SPINLOCK(handler_list_write_lock);
 | |
| static LIST_HEAD(handler_list);
 | |
| 
 | |
| int pkey_handler_register(struct pkey_handler *handler)
 | |
| {
 | |
| 	const struct pkey_handler *h;
 | |
| 
 | |
| 	if (!handler ||
 | |
| 	    !handler->is_supported_key ||
 | |
| 	    !handler->is_supported_keytype)
 | |
| 		return -EINVAL;
 | |
| 
 | |
| 	if (!try_module_get(handler->module))
 | |
| 		return -ENXIO;
 | |
| 
 | |
| 	spin_lock(&handler_list_write_lock);
 | |
| 
 | |
| 	rcu_read_lock();
 | |
| 	list_for_each_entry_rcu(h, &handler_list, list) {
 | |
| 		if (h == handler) {
 | |
| 			rcu_read_unlock();
 | |
| 			spin_unlock(&handler_list_write_lock);
 | |
| 			module_put(handler->module);
 | |
| 			return -EEXIST;
 | |
| 		}
 | |
| 	}
 | |
| 	rcu_read_unlock();
 | |
| 
 | |
| 	list_add_rcu(&handler->list, &handler_list);
 | |
| 	spin_unlock(&handler_list_write_lock);
 | |
| 	synchronize_rcu();
 | |
| 
 | |
| 	module_put(handler->module);
 | |
| 
 | |
| 	PKEY_DBF_INFO("%s pkey handler '%s' registered\n", __func__,
 | |
| 		      handler->name ?: "<no name>");
 | |
| 
 | |
| 	return 0;
 | |
| }
 | |
| EXPORT_SYMBOL(pkey_handler_register);
 | |
| 
 | |
| int pkey_handler_unregister(struct pkey_handler *handler)
 | |
| {
 | |
| 	spin_lock(&handler_list_write_lock);
 | |
| 	list_del_rcu(&handler->list);
 | |
| 	INIT_LIST_HEAD_RCU(&handler->list);
 | |
| 	spin_unlock(&handler_list_write_lock);
 | |
| 	synchronize_rcu();
 | |
| 
 | |
| 	PKEY_DBF_INFO("%s pkey handler '%s' unregistered\n", __func__,
 | |
| 		      handler->name ?: "<no name>");
 | |
| 
 | |
| 	return 0;
 | |
| }
 | |
| EXPORT_SYMBOL(pkey_handler_unregister);
 | |
| 
 | |
| /*
 | |
|  * Handler invocation functions.
 | |
|  */
 | |
| 
 | |
| const struct pkey_handler *pkey_handler_get_keybased(const u8 *key, u32 keylen)
 | |
| {
 | |
| 	const struct pkey_handler *h;
 | |
| 
 | |
| 	rcu_read_lock();
 | |
| 	list_for_each_entry_rcu(h, &handler_list, list) {
 | |
| 		if (!try_module_get(h->module))
 | |
| 			continue;
 | |
| 		if (h->is_supported_key(key, keylen)) {
 | |
| 			rcu_read_unlock();
 | |
| 			return h;
 | |
| 		}
 | |
| 		module_put(h->module);
 | |
| 	}
 | |
| 	rcu_read_unlock();
 | |
| 
 | |
| 	return NULL;
 | |
| }
 | |
| EXPORT_SYMBOL(pkey_handler_get_keybased);
 | |
| 
 | |
| const struct pkey_handler *pkey_handler_get_keytypebased(enum pkey_key_type kt)
 | |
| {
 | |
| 	const struct pkey_handler *h;
 | |
| 
 | |
| 	rcu_read_lock();
 | |
| 	list_for_each_entry_rcu(h, &handler_list, list) {
 | |
| 		if (!try_module_get(h->module))
 | |
| 			continue;
 | |
| 		if (h->is_supported_keytype(kt)) {
 | |
| 			rcu_read_unlock();
 | |
| 			return h;
 | |
| 		}
 | |
| 		module_put(h->module);
 | |
| 	}
 | |
| 	rcu_read_unlock();
 | |
| 
 | |
| 	return NULL;
 | |
| }
 | |
| EXPORT_SYMBOL(pkey_handler_get_keytypebased);
 | |
| 
 | |
| void pkey_handler_put(const struct pkey_handler *handler)
 | |
| {
 | |
| 	const struct pkey_handler *h;
 | |
| 
 | |
| 	if (!handler)
 | |
| 		return;
 | |
| 
 | |
| 	rcu_read_lock();
 | |
| 	list_for_each_entry_rcu(h, &handler_list, list) {
 | |
| 		if (h == handler) {
 | |
| 			module_put(h->module);
 | |
| 			break;
 | |
| 		}
 | |
| 	}
 | |
| 	rcu_read_unlock();
 | |
| }
 | |
| EXPORT_SYMBOL(pkey_handler_put);
 | |
| 
 | |
| int pkey_handler_key_to_protkey(const struct pkey_apqn *apqns, size_t nr_apqns,
 | |
| 				const u8 *key, u32 keylen,
 | |
| 				u8 *protkey, u32 *protkeylen, u32 *protkeytype)
 | |
| {
 | |
| 	const struct pkey_handler *h;
 | |
| 	int rc = -ENODEV;
 | |
| 
 | |
| 	h = pkey_handler_get_keybased(key, keylen);
 | |
| 	if (h && h->key_to_protkey) {
 | |
| 		rc = h->key_to_protkey(apqns, nr_apqns, key, keylen,
 | |
| 				       protkey, protkeylen,
 | |
| 				       protkeytype);
 | |
| 	}
 | |
| 	pkey_handler_put(h);
 | |
| 
 | |
| 	return rc;
 | |
| }
 | |
| EXPORT_SYMBOL(pkey_handler_key_to_protkey);
 | |
| 
 | |
| /*
 | |
|  * This handler invocation is special as there may be more than
 | |
|  * one handler providing support for the very same key (type).
 | |
|  * And the handler may not respond true on is_supported_key(),
 | |
|  * so simple try and check return value here.
 | |
|  */
 | |
| int pkey_handler_slowpath_key_to_protkey(const struct pkey_apqn *apqns,
 | |
| 					 size_t nr_apqns,
 | |
| 					 const u8 *key, u32 keylen,
 | |
| 					 u8 *protkey, u32 *protkeylen,
 | |
| 					 u32 *protkeytype)
 | |
| {
 | |
| 	const struct pkey_handler *h, *htmp[10];
 | |
| 	int i, n = 0, rc = -ENODEV;
 | |
| 
 | |
| 	rcu_read_lock();
 | |
| 	list_for_each_entry_rcu(h, &handler_list, list) {
 | |
| 		if (!try_module_get(h->module))
 | |
| 			continue;
 | |
| 		if (h->slowpath_key_to_protkey && n < ARRAY_SIZE(htmp))
 | |
| 			htmp[n++] = h;
 | |
| 		else
 | |
| 			module_put(h->module);
 | |
| 	}
 | |
| 	rcu_read_unlock();
 | |
| 
 | |
| 	for (i = 0; i < n; i++) {
 | |
| 		h = htmp[i];
 | |
| 		if (rc)
 | |
| 			rc = h->slowpath_key_to_protkey(apqns, nr_apqns,
 | |
| 							key, keylen,
 | |
| 							protkey, protkeylen,
 | |
| 							protkeytype);
 | |
| 		module_put(h->module);
 | |
| 	}
 | |
| 
 | |
| 	return rc;
 | |
| }
 | |
| EXPORT_SYMBOL(pkey_handler_slowpath_key_to_protkey);
 | |
| 
 | |
| int pkey_handler_gen_key(const struct pkey_apqn *apqns, size_t nr_apqns,
 | |
| 			 u32 keytype, u32 keysubtype,
 | |
| 			 u32 keybitsize, u32 flags,
 | |
| 			 u8 *keybuf, u32 *keybuflen, u32 *keyinfo)
 | |
| {
 | |
| 	const struct pkey_handler *h;
 | |
| 	int rc = -ENODEV;
 | |
| 
 | |
| 	h = pkey_handler_get_keytypebased(keysubtype);
 | |
| 	if (h && h->gen_key) {
 | |
| 		rc = h->gen_key(apqns, nr_apqns, keytype, keysubtype,
 | |
| 				keybitsize, flags,
 | |
| 				keybuf, keybuflen, keyinfo);
 | |
| 	}
 | |
| 	pkey_handler_put(h);
 | |
| 
 | |
| 	return rc;
 | |
| }
 | |
| EXPORT_SYMBOL(pkey_handler_gen_key);
 | |
| 
 | |
| int pkey_handler_clr_to_key(const struct pkey_apqn *apqns, size_t nr_apqns,
 | |
| 			    u32 keytype, u32 keysubtype,
 | |
| 			    u32 keybitsize, u32 flags,
 | |
| 			    const u8 *clrkey, u32 clrkeylen,
 | |
| 			    u8 *keybuf, u32 *keybuflen, u32 *keyinfo)
 | |
| {
 | |
| 	const struct pkey_handler *h;
 | |
| 	int rc = -ENODEV;
 | |
| 
 | |
| 	h = pkey_handler_get_keytypebased(keysubtype);
 | |
| 	if (h && h->clr_to_key) {
 | |
| 		rc = h->clr_to_key(apqns, nr_apqns, keytype, keysubtype,
 | |
| 				   keybitsize, flags, clrkey, clrkeylen,
 | |
| 				   keybuf, keybuflen, keyinfo);
 | |
| 	}
 | |
| 	pkey_handler_put(h);
 | |
| 
 | |
| 	return rc;
 | |
| }
 | |
| EXPORT_SYMBOL(pkey_handler_clr_to_key);
 | |
| 
 | |
| int pkey_handler_verify_key(const u8 *key, u32 keylen,
 | |
| 			    u16 *card, u16 *dom,
 | |
| 			    u32 *keytype, u32 *keybitsize, u32 *flags)
 | |
| {
 | |
| 	const struct pkey_handler *h;
 | |
| 	int rc = -ENODEV;
 | |
| 
 | |
| 	h = pkey_handler_get_keybased(key, keylen);
 | |
| 	if (h && h->verify_key) {
 | |
| 		rc = h->verify_key(key, keylen, card, dom,
 | |
| 				   keytype, keybitsize, flags);
 | |
| 	}
 | |
| 	pkey_handler_put(h);
 | |
| 
 | |
| 	return rc;
 | |
| }
 | |
| EXPORT_SYMBOL(pkey_handler_verify_key);
 | |
| 
 | |
| int pkey_handler_apqns_for_key(const u8 *key, u32 keylen, u32 flags,
 | |
| 			       struct pkey_apqn *apqns, size_t *nr_apqns)
 | |
| {
 | |
| 	const struct pkey_handler *h;
 | |
| 	int rc = -ENODEV;
 | |
| 
 | |
| 	h = pkey_handler_get_keybased(key, keylen);
 | |
| 	if (h && h->apqns_for_key)
 | |
| 		rc = h->apqns_for_key(key, keylen, flags, apqns, nr_apqns);
 | |
| 	pkey_handler_put(h);
 | |
| 
 | |
| 	return rc;
 | |
| }
 | |
| EXPORT_SYMBOL(pkey_handler_apqns_for_key);
 | |
| 
 | |
| int pkey_handler_apqns_for_keytype(enum pkey_key_type keysubtype,
 | |
| 				   u8 cur_mkvp[32], u8 alt_mkvp[32], u32 flags,
 | |
| 				   struct pkey_apqn *apqns, size_t *nr_apqns)
 | |
| {
 | |
| 	const struct pkey_handler *h;
 | |
| 	int rc = -ENODEV;
 | |
| 
 | |
| 	h = pkey_handler_get_keytypebased(keysubtype);
 | |
| 	if (h && h->apqns_for_keytype) {
 | |
| 		rc = h->apqns_for_keytype(keysubtype,
 | |
| 					  cur_mkvp, alt_mkvp, flags,
 | |
| 					  apqns, nr_apqns);
 | |
| 	}
 | |
| 	pkey_handler_put(h);
 | |
| 
 | |
| 	return rc;
 | |
| }
 | |
| EXPORT_SYMBOL(pkey_handler_apqns_for_keytype);
 | |
| 
 | |
| void pkey_handler_request_modules(void)
 | |
| {
 | |
| #ifdef CONFIG_MODULES
 | |
| 	static const char * const pkey_handler_modules[] = {
 | |
| #if IS_MODULE(CONFIG_PKEY_CCA)
 | |
| 		"pkey_cca",
 | |
| #endif
 | |
| #if IS_MODULE(CONFIG_PKEY_EP11)
 | |
| 		"pkey_ep11",
 | |
| #endif
 | |
| #if IS_MODULE(CONFIG_PKEY_PCKMO)
 | |
| 		"pkey_pckmo",
 | |
| #endif
 | |
| #if IS_MODULE(CONFIG_PKEY_UV)
 | |
| 		"pkey_uv",
 | |
| #endif
 | |
| 	};
 | |
| 	int i;
 | |
| 
 | |
| 	for (i = 0; i < ARRAY_SIZE(pkey_handler_modules); i++) {
 | |
| 		const struct pkey_handler *h;
 | |
| 		bool found = false;
 | |
| 
 | |
| 		rcu_read_lock();
 | |
| 		list_for_each_entry_rcu(h, &handler_list, list) {
 | |
| 			if (h->module &&
 | |
| 			    !strcmp(h->module->name, pkey_handler_modules[i])) {
 | |
| 				found = true;
 | |
| 				break;
 | |
| 			}
 | |
| 		}
 | |
| 		rcu_read_unlock();
 | |
| 		if (!found) {
 | |
| 			pr_debug("request_module(%s)\n", pkey_handler_modules[i]);
 | |
| 			request_module(pkey_handler_modules[i]);
 | |
| 		}
 | |
| 	}
 | |
| #endif
 | |
| }
 | |
| EXPORT_SYMBOL(pkey_handler_request_modules);
 | |
| 
 | |
| /*
 | |
|  * Module init
 | |
|  */
 | |
| static int __init pkey_init(void)
 | |
| {
 | |
| 	int rc;
 | |
| 
 | |
| 	/* init debug feature */
 | |
| 	pkey_dbf_info = debug_register("pkey", 1, 1, 5 * sizeof(long));
 | |
| 	debug_register_view(pkey_dbf_info, &debug_sprintf_view);
 | |
| 	debug_set_level(pkey_dbf_info, 4);
 | |
| 
 | |
| 	/* the handler registry does not need any init */
 | |
| 
 | |
| 	rc = pkey_api_init();
 | |
| 	if (rc)
 | |
| 		debug_unregister(pkey_dbf_info);
 | |
| 
 | |
| 	return rc;
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * Module exit
 | |
|  */
 | |
| static void __exit pkey_exit(void)
 | |
| {
 | |
| 	pkey_api_exit();
 | |
| }
 | |
| 
 | |
| module_cpu_feature_match(S390_CPU_FEATURE_MSA, pkey_init);
 | |
| module_exit(pkey_exit);
 |